Skip to content

Commit

Permalink
Merge pull request codeigniter4#7620 from kenjis/refactor-RequestTrait
Browse files Browse the repository at this point in the history 
refactor: remove unused non-empty array in RequestTrait
  • Loading branch information
@kenjis
kenjis authored Jun 26, 2023
2 parents 3bb0831 + b819f9d commit 1e7204b
Showing 1 changed file with 57 additions and 54 deletions.
111 changes: 57 additions & 54 deletions system/HTTP/RequestTrait.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,6 +66,11 @@ public function getIPAddress(): string
// @phpstan-ignore-next-line
$proxyIPs = $this->proxyIPs ?? config(App::class)->proxyIPs;
// @phpstan-ignore-next-line

// Workaround for old Config\App file. App::$proxyIPs may be empty string.
if ($proxyIPs === '') {
$proxyIPs = [];
}
if (! empty($proxyIPs) && (! is_array($proxyIPs) || is_int(array_key_first($proxyIPs)))) {
throw new ConfigException(
'You must set an array with Proxy IP address key and HTTP header name value in Config\App::$proxyIPs.'
Expand All @@ -79,76 +84,74 @@ public function getIPAddress(): string
return $this->ipAddress = '0.0.0.0';
}

if ($proxyIPs) {
// @TODO Extract all this IP address logic to another class.
foreach ($proxyIPs as $proxyIP => $header) {
// Check if we have an IP address or a subnet
if (strpos($proxyIP, '/') === false) {
// An IP address (and not a subnet) is specified.
// We can compare right away.
if ($proxyIP === $this->ipAddress) {
$spoof = $this->getClientIP($header);

if ($spoof !== null) {
$this->ipAddress = $spoof;
break;
}
}
// @TODO Extract all this IP address logic to another class.
foreach ($proxyIPs as $proxyIP => $header) {
// Check if we have an IP address or a subnet
if (strpos($proxyIP, '/') === false) {
// An IP address (and not a subnet) is specified.
// We can compare right away.
if ($proxyIP === $this->ipAddress) {
$spoof = $this->getClientIP($header);

continue;
if ($spoof !== null) {
$this->ipAddress = $spoof;
break;
}
}

// We have a subnet ... now the heavy lifting begins
if (! isset($separator)) {
$separator = $ipValidator($this->ipAddress, 'ipv6') ? ':' : '.';
}
continue;
}

// If the proxy entry doesn't match the IP protocol - skip it
if (strpos($proxyIP, $separator) === false) {
continue;
}
// We have a subnet ... now the heavy lifting begins
if (! isset($separator)) {
$separator = $ipValidator($this->ipAddress, 'ipv6') ? ':' : '.';
}

// Convert the REMOTE_ADDR IP address to binary, if needed
if (! isset($ip, $sprintf)) {
if ($separator === ':') {
// Make sure we're having the "full" IPv6 format
$ip = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($this->ipAddress, ':')), $this->ipAddress));
// If the proxy entry doesn't match the IP protocol - skip it
if (strpos($proxyIP, $separator) === false) {
continue;
}

for ($j = 0; $j < 8; $j++) {
$ip[$j] = intval($ip[$j], 16);
}
// Convert the REMOTE_ADDR IP address to binary, if needed
if (! isset($ip, $sprintf)) {
if ($separator === ':') {
// Make sure we're having the "full" IPv6 format
$ip = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($this->ipAddress, ':')), $this->ipAddress));

$sprintf = '%016b%016b%016b%016b%016b%016b%016b%016b';
} else {
$ip = explode('.', $this->ipAddress);
$sprintf = '%08b%08b%08b%08b';
for ($j = 0; $j < 8; $j++) {
$ip[$j] = intval($ip[$j], 16);
}

$ip = vsprintf($sprintf, $ip);
$sprintf = '%016b%016b%016b%016b%016b%016b%016b%016b';
} else {
$ip = explode('.', $this->ipAddress);
$sprintf = '%08b%08b%08b%08b';
}

// Split the netmask length off the network address
sscanf($proxyIP, '%[^/]/%d', $netaddr, $masklen);
$ip = vsprintf($sprintf, $ip);
}

// Again, an IPv6 address is most likely in a compressed form
if ($separator === ':') {
$netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr));
// Split the netmask length off the network address
sscanf($proxyIP, '%[^/]/%d', $netaddr, $masklen);

for ($i = 0; $i < 8; $i++) {
$netaddr[$i] = intval($netaddr[$i], 16);
}
} else {
$netaddr = explode('.', $netaddr);
// Again, an IPv6 address is most likely in a compressed form
if ($separator === ':') {
$netaddr = explode(':', str_replace('::', str_repeat(':', 9 - substr_count($netaddr, ':')), $netaddr));

for ($i = 0; $i < 8; $i++) {
$netaddr[$i] = intval($netaddr[$i], 16);
}
} else {
$netaddr = explode('.', $netaddr);
}

// Convert to binary and finally compare
if (strncmp($ip, vsprintf($sprintf, $netaddr), $masklen) === 0) {
$spoof = $this->getClientIP($header);
// Convert to binary and finally compare
if (strncmp($ip, vsprintf($sprintf, $netaddr), $masklen) === 0) {
$spoof = $this->getClientIP($header);

if ($spoof !== null) {
$this->ipAddress = $spoof;
break;
}
if ($spoof !== null) {
$this->ipAddress = $spoof;
break;
}
}
}
Expand Down

0 comments on commit 1e7204b

Please sign in to comment.